New Mac espionage trojan targets Dalai Lama supporters

Drive-by attack exploits same Java vulnerability used by notorious Flashback.

A website related to the Dalai Lama is hosting attack code that attempts to surreptitiously install OS X-based spy software on the Macs of people who visit.

The backdoor trojan, dubbed Dockster by antivirus providers, has the ability to capture the keystrokes of infected machines. It also provides an interface that allows attackers to download and execute additional malware, according to this brief analysis from F-Secure. Dockster was uploaded to the VirusTotal malware detection service on Friday, presumably by attackers who wanted to see if it was detected by AV services, according to a separate post from competing AV provider Intego.

The drive-by attacks exploit a now-patched vulnerability in Oracle's Java software framework. CVE-2012-0507 is the same Java bug used earlier this year to infect more than 500,000 Mac users with malware known as Flashback. Oracle has since released an update that patches the hole, and recent changes introduced by Apple also remove a Java-based plugin from default versions of OS X. But users who are using older installations or have changed default settings could still be susceptible.
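The paragraph above turns on one fact a defender can check: whether a machine's Java runtime predates the CVE-2012-0507 fix. The following is an added example, not code from the article, F-Secure or Intego; it parses `java -version` output and flags builds older than Java SE 6 Update 31 / 7 Update 3, the fixed builds from Oracle's February 2012 Critical Patch Update (those update numbers are not stated on the page), and treats anything it cannot parse as vulnerable.

```python
import re
import subprocess

# First builds containing the CVE-2012-0507 fix (Oracle CPU, February 2012;
# not stated on the page). Keyed by (major, minor) of the legacy "1.x" scheme.
FIXED_UPDATE = {
    (1, 6): 31,  # Java SE 6 Update 31
    (1, 7): 3,   # Java SE 7 Update 3
}

# Matches both legacy ("1.6.0_29") and modern ("11.0.2", "9") version lines.
VERSION_RE = re.compile(
    r'(?:java|openjdk) version "(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:_(\d+))?')


def parse_java_version(output):
    """Return (major, minor, patch, update) from `java -version` text, or None."""
    m = VERSION_RE.search(output)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())


def vulnerable_to_cve_2012_0507(output):
    """True if the reported build predates the fix. Unparseable input fails closed."""
    ver = parse_java_version(output)
    if ver is None:
        return True
    major, minor, _patch, update = ver
    fixed = FIXED_UPDATE.get((major, minor))
    if fixed is None:
        # Java 5 and older never received the fix; 1.8+ and 9+ shipped after it.
        return (major, minor) < (1, 6)
    return update < fixed


def check_installed_java():
    """Evaluate the Java runtime on this host (`java -version` prints to stderr)."""
    try:
        proc = subprocess.run(["java", "-version"], capture_output=True,
                              text=True, check=False)
    except FileNotFoundError:
        return None  # no runtime installed: nothing for a drive-by applet to hit
    return vulnerable_to_cve_2012_0507(proc.stderr + proc.stdout)


if __name__ == "__main__":
    # Constructed sample version lines, not taken from any real host.
    for line in ('java version "1.6.0_29"', 'java version "1.7.0_03"'):
        print(line, "->", "vulnerable" if vulnerable_to_cve_2012_0507(line) else "fixed")
    print("installed Java vulnerable:", check_installed_java())
```

A `None` result from `check_installed_java` means no runtime is on the path at all, which is the state Apple's later OS X builds left the browser plugin in; a browser can still carry a separately installed plugin, so this check covers the runtime, not the browser.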

Dockster is only the latest Mac-based threat to hit organizations and people sympathetic to Tibet's conflict with the Chinese government. Earlier this year, researchers uncovered another malware-based espionage campaign that also targeted pro-Tibetan users of OS X.

The exploit pushing Dockster on gyalwarinpoche.com has been active since at least November 27, F-Secure said. The site is also pushing Windows-based malware, but those exploits don't appear to work.

That article you linked to claims that Oracle has already patched their Java distribution. The people to blame here are Apple, who not only didn't patch their version of Java, they just discontinued it rather than fix it.

All of this just indicates that Oracle's platform has holes, and nobody releases updates 100% fast enough. Which we kinda already knew. The fewer platforms your computer supports, the fewer attack vectors you'll be subject to.

I'd be interested to know the ratio among Java/Flash/other/native exploit types that affect OS X. Anyone know if this sort of data is already gathered in a convenient form?

Although Oracle released a fix for the security threat in February, a patch has yet to be released for OS X users. That's because Apple distributes Java updates itself.

Yes, Apple was horrible at actually keeping it up-to-date, but luckily nobody has to rely on Apple anymore for that.

So is Oracle. Perform a simple Google search on how much fun Java has been since Oracle acquired it. You get pages and pages of articles detailing how to get rid of Java and Javascript, why you should look elsewhere as a developer, and pages of bitching and moaning regarding exploits and how people have been affected by them.

Why am I not surprised that a connection is being drawn between Dalai Lama supporters and Mac users?

Surely Mac users have the same demographics as PC users when it comes to religion. Is there a specific point you're making here?

I'm pretty sure that was a joke. You know, the stereotype of Mac users being coastal hipsters working on their novels at independent coffee shops, wearing plaid shirts and skinny jeans, supporting any old revolutionary cause they learn about, and being really into Eastern spiritualism.

Whoops, an itchy trigger finger got the better of me then.

I've got to stop flicking into Ars when I'm worked up about something else.

Gee, who could possibly be behind this attack? Another baffling mystery./s

It's so obvious that it makes me wonder if it's not a third party looking to discredit the Chinese government. It just seems too easy to draw the link.

You assume that the PRC cares whether anyone knows they are the culprit. Hell, the party probably likes the fact that the proletariat gets a reminder they are being watched. The proles in the west as much as those in the east.

I assume that all politicians crave respect and adulation, and they won't get that from stupid hacks like this. That's why this seems odd to me.

But the ongoing repression of harmless groups like the Falun Gong makes me wonder if you're spot on after all, and whether my assumption of any subtlety on their part is just way off base.

sooo, an exploit designed to attack a patch that all but about 50,000 people installed all the way back in May? Look, the reason the rest didn't patch: nobody uses those Macs online anymore.... There simply isn't a surface area of any appreciable size for this bug to actually attack, and since it's not self-spreading that makes it even less effective. Even if you didn't upgrade your OS and get the Java patch (or Java removed), Apple did fix the issue that allowed the Java vulnerability to actually work, so this is of little real threat, except to morons who turn off or ignore updates and also don't run AV tools, and I'm a personal believer that at some point we do have to let natural selection actually keep working...

Gee, who could possibly be behind this attack? Another baffling mystery./s

Agreed, it's clearly a Microsoft plot.

yes, if by Microsoft you mean the honorable Chinese government

Why were you downvoted? Is it now faux pas to actually name names when talking about international hacking crimes committed by the very same governments supposedly fighting against it? The US and Israel created Stuxnet, Flame, etc., and the hacking of Google accounts and anything related to the Dalai Lama or human rights activists is most (highly) likely China. Our governments are committing the same "crimes" they throw their own citizens in jail for. We need to start admitting these things; maybe then we can put a stop to them. But, as long as people keep ignoring them and ignoring the corruption, it will continue and get worse. From Stuxnet and Flame, to Bush's 2004 election and the Iraq war, the 2009 recession and bank demands... I mean "bailouts", to the RIAA and MPAA, SOPA and PIPA, the "Patriot" Act, Gitmo and torture, little cameras and mics planted behind our TV screens, the NSA's warrantless wiretapping, the militarization of our civil police forces and officers "mistaking" their guns for tasers, the "War" on "drugs", the political bribes we call "campaign contributions", corporations defined as "people" or should I say people defined in the same manner as corporations (most have the problem backwards), to Monsanto and the "terminator" seed, GMOs and hormone injections (rBGH) in our cattle that caused our daughters to start hitting puberty at 8 and 9 instead of 14-16 in the early 90's, to Agent Orange and the entire Vietnam war, the use of depleted uranium on civilian populations (or used at all even), yet another super secret branch of the military the US calls "Homeland Security", to the fact that 2 German brothers funded BOTH sides of WW2 and currently (along with others) control our entire economy, to the 6 o'clock news, each and every day. We see it all around us, but no one wants to admit it.

Why were you downvoted?

Let's go with the most obvious explanation: If you miss the obvious sarcasm of two posters and tell everybody the most obvious thing, that's likely to lead some people to vote you down (note I didn't).